Hi, Mike Hommey: > Well, it kind of is. Because those versioned symbols in openssl come > from a debian patch, afaict. So while debian may be fine (as long as all > build-rdeps have been rebuilt since openssl got those versioned > symbols), other distros aren't covered, as well as binaries not > compiled on debian. > I am, frankly, not at all concerned with binaries not compiled on Debian at this point. Data point: Fedora uses a different symbol versioning scheme for openssl, so openssl-linked binaries from there won't run on Debian anyway.
It's far more imperative to educate upstream (in general, not just openssl – but them in particular) about the fact that adding versioning to their libraries is a Very Good Idea which will save them (and, more to the point, anybody using their code) a whole lot of hassle – as well as potential security holes – if/when their ABI changes. -- -- Matthias Urlichs -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
